Proposals (subject and synopsis) submission: April 12th, 2010
Authors notification: April 16th, 2010
"Night Da Hack" is one of the oldest French underground hacking conference. Also known as "Nuit du Hack", this event aims at bringing together IT professionals and hackers around computer security related talks, workshops and contests. For the first time, this 2010 edition will be open to international talks and workshops.
Date: June 19-20 2010
Time: 4 PM - 7 AM
Location: Paris, France
Talk proposals should be send to firstname.lastname@example.org with "NDH - Proposal" as subject and containing (at least) a short description of the talk and a detailled synopsis. Workshop proposals are also welcomed and follow the same submission scheme but no synopsis is required.
Once a proposal is accepted, the author is asked to write down the final version (including slides and appendices) that would be available online after the event.
You can find some samples in the Archives section.
A basic pack (including entrance fee with one sandwich and one drink) would be offered to each approved talker or workshop organizer.
Every subject related to IT security would be welcomed but the originality of the proposal is also reviewed.
Talks should last 30 minutes (question time included). We will not hesitate to interrupt a talk to keep the event right on time.
Workshops would take place in parallel of the talks with dedicated stalls.
|Time slot||Track 1||Track 2|
|17h00 - 17h30||Security vulnerabilities disclosure, challenges and risks (Jérome Hennecart / Raphael Rault)||Unix Malwares (Julien Reveret)|
|17h45 - 18h15||Security vulnerabilities disclosure, challenges and risks II
||XeeK : XSS Easy Exploitation Kernel (Emilien Girault)|
|18h30 - 19h00||Evolution IT (Gael THEROND)||GPGPU and its implications on security of encryption systems (Lucas Fernandez)|
|19h15 - 19h45||HZVault (Majinboo)||Antivirus Security is a failure (Stefan Leberre)|
|20h - 21h||Cracking the Playstation 3 (GeoHotz)|
|21h15 - 21h45||xdbg, an open-source disassembler and debugger (Christophe Devine)||Virtualisation & security (Emanuel Istace)|
|22h - 23h||Advanced Mac OS X Physical Memory Analysis (Matthieu Suiche)|
|23h15 - 23h45||Stack Smashing Protector (Paul Rascagneres - RootBSD)||Advanced lockpicking techniques (Cocolitos / Mr. Jack)|
The PS3 has been considered unbreakable for 3 years, during which it has not been affected by piracy.
On January 23th 2010, and after 5 weeks of research, George Hotz claimed on his blog: "I have read/write access to the entire system memory, and HV level access to the processor. In other words, I have hacked the PS3."
In this conference, the author will explain security mechanisms enforced by Sony to protect the console, and how to bypass them.
In 2008 and 2009, companies and governments interests for Microsoft Windows physical memory growled significantly. Now it is time to talk about Mac OS X. This talk will describe basis of Mac OS X Kernel Internals (and not a XNU kernel creation timeline) and how to retrieve various information like machine information, mounted file systems, processes listing and extraction and threads, kernel extensions listing and extraction and Rootkit detection.
The HZVault project aims at combining both mobility, flexibility and security. This project is largely inspired from Globull but do not have its software weakness and costs only the price of "mass market" storage. To increase the safety and the performance of solution, the project can be carried on Globul or Datalocker, which makes its force. The goal is to use the chip of crypto of these product to evolve to a global safety and better I/O performances. HZVault was entirely conceived with open source products and will be released under an open source licence.
As video games graphics become more and more complex, graphics cards have turned to parallel computing, by multiplying their c units. Today these cards can be used in additional calculating CPU units. Thus, cryptography so dependent on the power of the machine for the encryption time, is offered new possibilities of bruteforcing with GPGPU technology.
The purpose of this presentation is to give an overview about virtualisation security. Indeed, virtualisation is more and more present in current IT infrastructures, but is frequently misused. Our goal is not to make a demonstration of vulnerabilitiy exploitations, but rather to present the weak points of various virtualization technologies.
Since FreeBSD 8.0, the SSP is activated automatically when compiling the OS. This GCC option, originally developed by IBM, allows to add protection mechanisms regarding buffer overflows. This presentation will come with C sources and a memory study using GDB.
At present, the oldest tool considered a computer is the Antikythera. The Greek Antikythera is an object discovered in 1901 during excavations underwater on a Roman wreck. There is very little time that we know exactly what use this tool. In fact one used in the study of astronomical phenomena, it was used especially to predict eclipses and other astronomical events so amazingly accurate for its time. Have mechanism is so precise and complex relation that the person who created this object has noted the operation on the object itself.
We often entrust the security of our operating system to anti-virus / firewalls. The question is "Is this a good thing?". We show rapid functional limitations related to anti-virus and firewalls. Even if these systems do not totaly protect us, they should not be a gateway for hackers. Unfortunately today the anti-virus are poorly tested before being put into production. It is a risk for users who paid for theirs protection. The talk will be focused on practical vulnerability research highlighing obvious security holes.
Malicious code analysis requires efficient tools. However at the moment reversers mainly use proprietary and often very expensive tools (in particular IDA Pro, BinDiff, etc.). The goal of the xdbg project is thereforce to create an analysis tool licensed under the GPL, at first targeting the x86 platform. It aims to offer classic features for reverse-engineering and debugging assembly code.
Most Unix users may think they're safe from threats such as viruses and malwares. This talk will prove them wrong, there are many different ways to infect a Unix system. A framework to create malware infected packages for unix platforms will be demonstrated.
Vulnerabilities disclosure is a critical element of computer security. The speakers will talk, with demonstration, about challenges and risks of computer security vulnerabilities disclosure.
Lockpicking is the well-known art of lock-opening but many high-security locks cannot be open this way. This talk will present two particular lockpicking techniques (known as key-impression techniques) plus an innovative and exclusive high-security lock opening technique based on a specifically crafted tool.